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Application Number 10/057,043 CENTRAL FAX CENTER 

Responsive to Office Action mailed June 26, 2006 

NOV 2 7 2006 

AMENDMENT S TO THE CLAIMS 

This listing of claims will replace all prior versions and listings of claims in the application. 



Listing of Claims: 

1. (Currently Amended) A method comprising: 

establishing a packet tunnel between a first local area network_an d a second local area 
network, the packet tunneLh aving a source network address within an a ddress space of the first 
local area network a nd a destination network address within an address space of the second l ocal. 
area network ; 

reserving for the packet tunn el an amount of bandwidth within an access link; 
detecting a network attack; 

s olooting a n e w network address for at looot ono - of th e source network addrcsa and - fe e- 
destination network addrcoo upon det e cting the network attaok - ; - 

in response to the detected network attack, splitting the packetjh innel bv selectingan 
intermediate network device, wherein t h e intermediate network device has a network address 
from a network address space other than the address space of the first local area network andthg. 
address space of the second local area network: 

establishing a fir* tunnel from th e first local a rea network to the intermediate. 

network device; 

establishing a second packet tunnel that origin ates from the intermediate network device, 
to the second local area network: 

establishing a now packet tunnol uaing the now notwork addreso, wherein tho now pack e t 
tunnel comprises two or more concatena te d packet tunnola; 

canceling the reserved bandwidth for the packet tunnel- a ftd ^l ubl iahi ng the now packet 

I UL1 l 1 TOT ? OCtTO 

reserving for the new second p acket tunnel an amount of bandwi dth within the access li nk 
upon omo e Kng th e r ese rv e d - bandwidth for the packet tun aefcjad 
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communicating virtual private network fVPN) traffic from the first local area network, to, 
the second local area network bv redirecting the VPN tr affic from the first local area network to 
the intermediate network device through the first packet tunnel and forwarding the VPN traffic 
from the intermediate network device to the second local area network through the second packet 
tunnel 

2. (Original) The method of claim 1, wherein the source network address and the destination 
network address comprise port numbers. 

3 . (Original) The method of claim 1 , wherein the source network address and the destination 
network address comprise Internet Protocol (IP) addresses. 

4. (Previously Presented) The method of claim 1 , wherein detecting a network attack 
comprises detecting an attack on the access link coupling a destination network device to a 
network. 

5. (Canceled)- 

6. (Currently Amended) The method of claim 1, further comprising exchanging a set of 
available network addresses between a source network device originating the packet tunnel and a 
destination network device terminating the packet tunnel^toein the $et of available network 
addresses correspond to a plurality of intermediate netwo rk devices. 

7. (Currently Amended) The method of claim 1, wherein splitting the packet tunnel b^. 
selecting an intermediate device s electing ft new network addrcao comprises: 

maintaining a set of available network flHHraRae* for a plurality of available intermediate, 
network devices, wherein the network addresses are within net work address spaces Other than the 
address space of the first local area netwo rk and the address space of tfre second local area 
network; and 

selecting one of the network addresses ao tho now network addres s. 
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8. (Cancelled). 

9. (Currently Amended) The method of claim 1$, further comprising: 

u pon detecting a network attack^s ending a message from the. a destination network 
device to thea source network device instructing the source network device to establish the first 
packet tunnel with the intermediate network devicej-and 

reserving for the second packet tunnel on amount o f bandwidth within the acc e ss liflk - 
ooupling the destination network device to a network . 

10. (Original) The method of claim 9, further comprising: 

establishing a secure signaling channel between the source network device and the 
destination network device; and 

sending the message via the secure signaling channel. 

1 1 . (Currently Amended) The method of claim 1&, further comprising 

de-encapsulating at the intermediate network device packets received from the first 
packet tunnel; and 

re-encapsulating the packets at the intermediate network device for communication via 
the second packet tunnel. 

12. (Currently Amended) The method of claim 1*, further comprising: 

establishing a secure signaling channel between a source network device and a destination 
network device; 

sending via the secure signaling channel control packets between the source network 
device and the destination network device to monitor the performance of the first and second 
packet tunnels; and 

selecting a new intermediate network device when the performance reaches a minimum 
threshold. 
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1 3, (Currently Amended) The method of claim 12, further comprising maintaining a set of 
possible intermediate network devices for a plurality of available intermediate network devices, 
whgrsin the network addres ses are within n etwork address spaces other than the adfress space . o X 
the first local area network and t b * address space of the second local area network , and wherein 
selecting the intermediate network device comprises selecting one of the possible intermediate 
network devices from the set. 

J 4. (Currently Amended) The method of claim £ 1, wherein reserving an amount of 
bandwidth comprises sending a reservation message from a destination network device 
tenninating the packet tunnel to a service provider access device. 

15. (Original) The method of claim. 14, wherein sending a reservation message comprises 
sending the reservation message according to the Resource Reservation Protocol (RSVP). 

1 6. (Original) The method of claim 1 , wherein establishing a packet tunnel comprises: 

maintaining a set of available multicast network addresses; 

selecting one of the multicast network addresses for the packet tunnel; and 

subscribing to a multicast channel for the selected multicast network address. 

17. (Currently Amended) The method of claim 16, wherein establishing a ae*u second p acket 
tunnel comprises: 

unsubscribing to the multicast channel; 

selecting one of the multicast network addresses for the destination network address; 
establishing the second cnaew packet tunnel using the new destination address; and 
subscribing to a multicast channel for the selected multicast network address. 
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18. (Withdrawn) A method comprising: 

establishing a packet tunnel having a source network address and a destination network 
address; and 

establishing for the packet tunnel a truncated reservation path within an access link 
coupled to a destination network device that terminates the packet tunnel. 

1 9. (Withdrawn) The method of claim 1 8, wherein the source network address and the 
destination network address comprise port numbers. 

20. (Withdrawn) The method of claim 1 8, wherein the source network address and the 
destination network address comprise Internet Protocol (IP) addresses. 

21 . (Withdrawn) The method of claim 1 8, wherein establishing a truncated reservation path 
comprises issuing a reservation command from the destination device to reserve an amount of 
bandwidth within the access link for the packet tunnel. 

22. (Withdrawn) The method of claim 18, further comprising: 

detecting a networik attack; and 

canceling the truncated reservation path for the packet tunnel upon detecting the network 

attack. 

23. (Withdrawn) The method of claim 22, further comprising: 

establishing a new packet tunnel upon detecting the network attack; and. 
reserving for the new packet tunnel an amount of bandwidth within the access link. 

24. (Withdrawn) The method of claim 1 8, wherein establishing a truncated reservation path, 
comprises sending a reservation message from a destination network device terminating the 
packet tunnel to a service provider access device coupled to the destination network device via ai 
access link, wherein the reservation message indicates that packet flow for the tunnel terminates 
with the destination device. 

-6- 

PAGE 10/22 * RCVD AT 11/2712006 5:01:51 PM [Eastern Standard Time] ' SVR:USPTO-EFXRF-5/17* DNIS:2738300 * CSID:6517351102 * DURATION (mm«ss):D5-58 



11/27/2006 16:59 6517351102 



SHUMAKER & SIEFFERT 



PAGE 11/22 



Applicetion Number 10/057,043 

Responsive to Office Action mailed June 26, 2006 

25. (Withdrawn) The method of claim 24, wherein sending a reservation message comprises 
sending the reservation message according to the Resource Reservation Protocol (RSVP). 

26. (Withdrawn) The method of claim 1 8, wherein detecting a network attack comprises 
detecting an attack on an access link coupling the destination network device to the network. 

27. (Currently Amended) A method comprising: 

establishing virtual pri vate network service including a packet tunnel having a source 
network address within an address space of the first local area network, and a destination network 
address within an address space of the second loca l area network: 

reserving for the packet tunnel an amount of bandwidth within an access link; 

detecting a network attack; 

establishing new virtual private network service upon detecting the network attack^ 
wherein tho now virtual private network sorvioQ oomprises - two or more concatenated paclc e t - 
tenneb bv selecting an intermediate network device having a network address from a network 
address space other than the address space of the fir st local area network and the address space of 
the second local area network ; and 

establishing a first packet tunnel fro m the first local area network to the intermediate 

network device; yrd 

establishing a second pa c ket tunnel that originates from the intermediate network fovjee 
to the second local area network: 

canceling the reserved bandwidth for the packet tunnel after establishing the new virtual 

private network service; and 

reserving for the second packet tunnel an amount of ban dwidth within the access link 
upon cancel in g the reserved bandwidth for the packet tunngl. 

28. (Cancelled). 
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29. (Original) The method of claim 27, wherein establishing a packet tunnel comprises: 

maintaining a set of available multicast network addresses; 

selecting one of the multicast network addresses for the destination network address of 
the packet tunnel; and 

subscribing to a multicast channel for the selected multicast network address. 

30. (Previously Presented) The method of claim 27, wherein detecting a network attack 
comprises detecting an attack on an access link coupling a destination network device to a 
network. 

31. (Withdrawn) A method comprising: 

maintaining a set of alternate multicast network addresses and a set of alternate unicast 
network addresses; 

assigning one of the multicast network addresses to a packet tunnel terminating on a 
network device; and 

assigning one of the unicast network addresses to a packet tunnel originating from the 
network device. 

32. (Withdrawn) The method of claim 31, further comprising: 

detecting a network attack; and 

selecting a new multicast network address for the packet tunnel teraunating on the 
network device upon detecting the network attack, 

33. (Withdrawn) The method of claim 3 1 9 further comprising subscribing to a multicast 
channel for the multicast network address assigned to the packet tunnel terminating on the 
network device. 



-8- 



PAGE 12«2*RCVDAT 11/27/20065:01:51 PM [Eastern Standard Time] * SVR:USPTO-EFXRF-5/17 * DNIS:2738300 * CSID:6517351 102 * DURATION (mm-ss):05-58 



11/27/2086 16:59 6517351102 



SHUMAKER & SIEFFERT 



PAGE 13/22 



Application Number 1 0/057,043 

Responsive to Office Action mailed June 26, 2006 

34. (Withdrawn) The method of claim 33, further comprising: 
detecting a network attack; 
unsubscribing to tbe multicast channel; 

selecting a new multicast network address for the packet tunnel terminating on the 
network device upon detecting the network attack; and 

subscribing to a new multicast channel for the new multicast network address. 



-9- 



PAGE 13^2 * RCVD AT 1 1/27/2006 5:01 :51 PM [Eastern Standard Time] * SVR:USPTO-EFXRFh5/17 * DNIS:2738300 * CSID:6517351 102 * DURATION (mm-ss):D5-58 



11/27/2086 16:59 6517351102 



SHUMAKER & SIEFFERT 



PAGE 14/22 



Application Number 10/057,043 

Responsive to Office Action mailed June 26, 2006 

35. (Currently Amended) A system comprising 

a source device coupled to a first local area n etwork; and 

a destination device coupled to a second local area fe e-network, 

wherein the source device and the destination device establish a packet tunnel having a 
source network address within an addr ess s pace of th e first local area network and a destination 
network address within an addres s snace of the second local area network, reserve for the packet 
tunnel an amount of bandwidth within an access link, upon detecting a network attack, select a 
new network address from a network address s p ace other than the address space of the first local , 
area network and the address space of the second local area network, and split the packet tunnel. 
bv establishing a first packet tunnel from the first lo cal area network to an intermediate network. 
device having the network address and establish ing a second packet tunnel from the intermediate 
network device to the second local area network fer at least one of the gourcc notwork addrooa 
and the destination network address, e stablioh a new packet tunnel , 

wherein the destination device t ho new paok e t tunnol comprises two or mor e 
concat e na te d packet tunn e )9 r afl d-cancels the reserved bandwidth for the packet tunnel after the 
seconxLaew-packet tunnel is established, and reserves for the secon d packet tunnel an amount of 
bandwidth within the access link upon canceling the reserved bandwidth for the packet tunneL 
and 

wherein the source device communicates virtual pri v ate network (VPN) traffic from the; 
first local area netwoiic to the second local area network by redirecting the VPN traffic from the . 
first local area network to the inte rm e di ate n et work d evice throupfr the first packet tunnel Al 
forwarding the intermediate network device to the seco nd local area . netw ork through the secpnd 
packet tunnel . 

36. (Original) The system of claim 35, wherein the source network address and the destination 
network address comprise port numbers. 

37. (Original) The system of claim 35, wherein the source network address and the destination 
network address comprise Internet Protocol (IP) addresses. 
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38. (Previously Presented) The system of claim 35, wherein the destination device and the 
source device comprise edge routers that couple local area networks to the network. 

39. (Previously Presented) The system of claim 35, wherein the destination device detects an 
attack on an access link coupling the destination device to the network 

40. (Canceled). 

41 . (Original) The system of claim 35, wherein the destination device and the source device 
exchange a set of available network addresses for the source network address and the destination 
network address of the packet tunnel. 

42. (Original) The system of claim 35, wherein the destination device comprises a storage 
medium to store a set of available network addresses for use as the source network address and 
the destination network address of the packet tunnel. 

43- (Cancelled). 

44. (Currently Amended) The system of claim 254*> wherein the intermediate network 
device de-encapsulates packets received from the first packet tunnel and re-encapsulates the 
packets for communication to the destination device via the second packet tunnel. 

45. (Cuuently Amended) The system of claim 3543, wherein the source device and the 
destination device establish a secure signaling channel and send via the secure signaling channel 
control packets to monitor the performance of the first and second packet tunnels. 

46. (Original) The system of claim 45, wherein the destination device selects a new intermediate 
network device when the performance reaches a minimum threshold. 
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47. (Withdrawn) A system comprising 

a source device coupled to a network by a first access link, wherein the source device 
originates a packet tunnel; and 

a destination device coupled to the network by a second access link, wherein the 
destination device terminates the packet tunnel, and further wherein the destination device 
establishes for the packet tunnel a truncated reservation path within the second access link, 

48. (Withdrawn) The system of claim 47, wherein the destination device issues a 
reservation command to a service provider device to reserve an amount of bandwidth within the 
second access link. 

49. (Withdrawn) The system of claim 47, wherein the destination device cancels the 
truncated reservation path upon detecting a network attack. 

50. (Withdrawn) The system of claim 49, wherein the destination device establishes a new 
packet tunnel upon detecting the network attack and reserves for the new packet tunnel an 
amount of bandwidth within the second access link. 

51. (Canceled). 

52. (Canceled). 
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53. (Currently Amended) A computer-readable medium comprising instructions to cause a 
processor to: 

establish a packet tunnel having a source network address within an ad dress space of a 
first local area network and a destination network address within an address space of a second, 
local area network; 

reserve for the packet tunnel an amount of bandwidth within an access link; 

detect a network attack; 

ooloot a new network addroaa for at l e ast - ono of the sources network address and the 
destination network address up o n detecting the network attack; 

in response tothe detected network attack, split the pack et tunnel by selecting an 
intermediate network device, wherein the intermediate netwo rk device has a network address 
from a network address space other than the address space of the first l ocal area netwoik and the 
address space of the second local area network: 

communicate the network addre s s to the source device for establishing a first packet 
tunnel from the first local are a network to the intermediate network device; 

establish a second packet tunnel that originates from the interm ediate network device to 
the second local area network; 

establish a now packet tunnel using the now network address, wheroin the new paekefc 
tunnol comprises two or more concatenated packet tunnola; and 

cancel the reserved bandwidth for the packet tunnel after ontabliahing the now packet 

♦m nwal * 

noZZIvT] 

reserve fnr the second packet runnel an amount of bandwidth within the access link apea- 
oanoeling tho r ogerved bandwidth for th e packet tunneliand 

receive virtual private network (VPtf) traffic that was r edirected from the first Local area 
network to the intermediate network device through the first packet tunnel and forw arded the. 
VPN traffic from the intermediate network device to the second local area network through the 
second packet runnel . 

54. (Canceled). 
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55. (Currently Amended) The computer-readable medium of claim 53, further comprising 
instructions to cause the processor to select the intermediate network device by: 

maintaining a set of available network addresses; and 

selecting one of the network addresses as the now network address * 

56, (Canceled). 
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